Tag: privacy

To be successful, the push for cashless society must accommodate the anonymity of cash

There is no doubt that moving towards a cashless society has immense benefits: from making transactions convenient and highly efficient to bringing most of the economy under accountability. From where India stands at 2016, a concerted push towards reducing the use of cash makes a lot of sense.

In an editorial last week, Mintenumerated some important steps to ease the path towards a cashless society: availability of telecom connectivity, investment in technology that improves security and simplicity, and government incentives that favour cashless transactions. In an earlier interview with the same newspaper, Nandan Nilekani argues that since much of the necessary infrastructure — Aadhaar, IndiaStack and Unified Payments Interface — is already in place, the Modi governments currency reform (‘demonetisation’) will act as a shot in the arm for India’s move towards a cashless economy. [Disclosure: Mr Nilekani is a donor to the Takshashila Institution.]

The Mint editorial, however, misses one crucial aspect. Apart from cash being a wireless technology with near-infinite battery life, and one that needs no telecom connectivity, it is its inherent anonymity that makes it a very valuable instrument. Yet, most advocates of a cashless society advocate it precisely because it gets rid of anonymity. Ergo, the extent of cashlessness might well be defined by the extent that people value anonymity and privacy. What this means in practice is that unless the demand for anonymous transactions is satisfied, India might not cross what the editorial correctly describes as “the threshold level after which the network effect will take over.” The question is whether the desire for anonymity prevent a forming a critical mass of Indians that rely on electronic payments. This, more than technical considerations, might dictate the pace at which cash is displaced from its throne.

It is understandable, not least at times of moral panic, that ordinary people will fall in line with the arguments of moral puritans and self-righteous advocates and assert that law-abiding citizens need not fear lack of anonymity. Such views ignore the the reality that families and societies are often held together by harmless lies. For instance, one family member will to put away some money from the rest, without any illegal purpose in mind. Some people like to give anonymously to charity, without any malice or illegality involved. These kinds of innocuous, quotidian acts are a glue that binds society.

Then there are perfectly legal acts that people wish to hide from their families, society or government in order not to attract criticism or punishment. Many people have food habits they’d rather not admit to their family, others might want their alcohol and cigarette purchases to remain hidden. People might give money to NGOs and political parties that are heterodox, dissenting or championing unpopular causes. Such acts characterise and sustain liberal societies. Indeed, even some illegal activities — say prostitution or consumption of certain narcotics — that take place regardless of the letter of the law might have a stabilising influence on our societies. The fact that puritans are disgusted and outraged by this is beside the point. Indeed the story of post-Enlightenment social change around the world is one of legitimising a number of acts previously considered immoral, after weighing them in the court of Reason.

For this reason, some jurisprudence has equated anonymity of cash with free speech. I usually avoid turning policy arguments into a question of rights, as it forestalls further discussion. In this case, though, I think it is justified. It would be hard to sustain free speech if there is an audit trail exposed to the market, society or government. The chilling effect this would have would impinge on the foundations of a liberal society.

Therefore, there are good reasons, both practical and of principle, to retain anonymity in financial transactions. To succeed, initiatives to promote a cashless society must, er, account and accommodate them. Good policy ought to be able to balance many valid considerations and arrive at an optimum approach. Allowing cashless transactions to be anonymous below a certain limit might offer a reasonable compromise. For instance, a stored-value “cash” card, available without requiring proof of identity, limited to payments of Rs 10,000 per month, with an six-month expiry date is one type of solution. This will achieve the transactional benefits of electronic payments, the anonymity of cash and limit the risk of use in large-scale criminality. Of course, even these cards can be abused, but I’d argue that the social benefits outweigh the costs.

If the government takes such a route, it will create enough room for innovation that can, paradoxically hasten the march towards the cashless society. Otherwise, we might take a very long time to cross the threshold that will unleash those network effects.

Tailpiece: It’s not as if a cashless society will lead to greater honesty. Dan Ariely’s experiments suggest otherwise.

“From all the research I have done over the years, the idea that worries me the most is that the more cashless our society becomes, the more our moral compass slips. If being just one step removed from money can increase cheating to such a degree, just imagine what can happen as we become an increasingly cashless society. Could it be that stealing a credit card number is much less difficult from a moral perspective than stealing cash from someone’s wallet? Of course, digital money (such as a debit or credit card) has many advantages, but it might also separate us from the reality of our actions to some degree. If being one step removed from money liberates people from their moral shackles, what will happen as more and more banking is done online? What will happen to our personal and social morality as financial products become more obscure and less recognizably related to money (think, for example, about stock options, derivatives, and credit default swaps)?” [Dan Ariely, The (Honest) Truth About Dishonesty: How We Lie to Everyone – Especially Ourselves.]

Edward Snowden’s revelations have strengthened demands for “extricating the internet from US control.” This is not a new phenomenon. Ever since Jon Postel died in 1998, governments and non-government organisations have been engaged in a long, complex and meandering process of somehow taking control over the internet. However, while outfits like ICANN and assorted United Nations forums have gotten into the act of “internet governance”, much of the internet remains in US hands. China might well be the country that has more internet users, but it has locked its citizens behind the Great Firewall and effectively created its own national intranet.

Mr Snowden’s revelations are grave, but shouldn’t surprise anyone familiar with national security issues or the communications infrastructure business. So while a lot of international reaction is properly in the Captain Renault (“I’m shocked, shocked to find that gambling is going on in here!”) category, there are some attempts by governments to secure greater control over internet. China, Russia and Brazil are expected to raise the pitch in the coming months.

It would be terrible thing if they succeed. Whatever the imperfections, whatever the US government’s transgressions, we are better off with as much of the internet coming under the US Constitution than the UN Charter.

Why so? Because there is no better political system—the constitution, separation of powers, civil society and citizens—than the United States today that can protect liberty and free speech. Start with Mr Snowden. Where is Russia’s Snowden? Where is China’s Snowden? Where is Brazil’s Snowden? The United States has strong and vocal free speech and privacy advocates who can hold their government accountable without fear of harm. It has a judicial system that is sufficiently independent as to overrule the executive if found violating the US constitution. Despite what cynics in the United States and detractors around the world say, the US system works. To the extent that it does, it protects everyone’s liberties (albeit to a lesser degree than it protects the liberties of US citizens).

For those who contend that this isn’t good enough, consider the alternative. The vast United Nations system that is accountable to exactly no one. The General Assembly has almost two hundred nation-states as members with varying degrees of commitment to upholding liberty. The Security Council reflects the balance of interests its permanent members, where such paragons of free speech as Russia and China have a veto. Let’s say that the UN creates a brand new UN Internet Governance Council to sit at the helm of internet governance. What is to prevent it from going the way of the UN Human Rights Council, where you don’t need any commitment to human rights to be a member, and where you can rule that free speech shouldn’t defame religion.

Now, those who argue that national governments must control the internet because they must exercise their sovereignty over their ‘territory’ of cyberspace have a logical argument when they call for the internationalisation of internet governance. However, it is unfathomable why proponents of free speech and liberty would want the world’s authoritarian regimes to have a say on how the internet is governed.

Calls for “extricating the internet from US control” are effectively facades for authoritarian states to further abridge the liberties of the world’s citizens. That is why they must be resisted. Indians are much better off putting their faith in their freedom-loving American counterparts than participating in grandiose international internet governance schemes.

When Wikileaks indiscriminately leaked diplomatic correspondence it had the fig leaf of claiming it was exposing wrongdoing by governments. Never mind that it put the lives and safety of informants in authoritarian countries at risk while only revealing details of how international diplomacy is conducted. Those details might have surprised ordinary people who were unfamiliar with the workings of their foreign ministries and embassies, they didn’t achieve any lofty public purpose. As I argued then, they might have conversely caused governments to tighten up their information silos to the detriment of the public interest.

Now, when Wikileaks has indiscriminately leaked the email archives of a private firm, Stratfor, there is no fig leaf of any kind left. Stratfor is a private intelligence company that collects and sells geopolitical analysis to private and government buyers. The nature of its business requires it to seek out informants, negotiate with them and pay them. It might procure leads from US government agencies and sell them information. All this is in the nature of its business.

Some people might be appalled that other people do this kind of business, but it is a legitimate business. Stratfor didn’t claim to be the Red Cross or a humanitarian organisation. It claims to be “a subscription-based provider of geopolitical analysis…(using) a unique, intelligence-based approach to gathering information via rigorous open-source monitoring and a global network of human sources.” It is what it says it is. It operates legally.

If Julian Assange or anyone else knows of specific instances of wrongdoing or illegal activity by Stratfor or its employees, the right thing to do is register a complaint with the relevant law-enforcement authorities. If Mr Assange has evidence of illegality, the only ethical thing for him to do is to hand it over to the authorities. Wholesale, indiscriminate leaking of private information—because you dislike Stratfor’s business or suspect illegality—is neither ethical nor moral. It is quite likely illegal.

From what we know of Julian Assange, he lacks the moral compass to make these fairly obvious ethical judgements. The Hindu, though, does (or, perhaps, used to). I often disagree with the newspaper’s editorial line. However, until the Indian newspaper’s dalliance with Wikileaks, I did not have reason to complain about its basic ethics. No longer. It is unclear just how a reputed institution like The Hinducould be a willing collaborator with Mr Assange on the violation of the privacy of a private company.

If the editors of The Hindu believe that invading Stratfor’s privacy is somehow acceptable then they ought to start by opening up their own corporate email systems to the public. Make every email and phone call public. Surely the public has a right to know the names of the informants who talk to the newspaper’s journalists? Surely the public must know what the journalists tell each other and to their editors? So what if the informants are honest whistleblowers risking their lives or crafty officials manipulating public opinion? Let’s have it. Let the people decide!

If The Hindu’s editors think that their own emails are private information, why then are they denying that right to Stratfor?

Update:In an editorial note published on February 28th, the newspaper justifies its collaboration with Wikileaks on two premises. First, that “confidentiality and privacy cannot be invoked as a cover for wrongdoing or unethical behavior”; and second, “the unusual nature of Stratfor’s business — in essence, providing intelligence to clients who include governments and large corporations, some embroiled in serious controversies, like Dow Chemical — means that there is a compelling public interest in studying the e-mails to see if they cast light on corporate or governmental wrong-doing.”

This is sophistry. The ethical question here is how can we know a priori that there is wrongdoing? Is it ethical for individuals and newspapers to steal private property (or deal with thieves) merely on suspicion? Even the police can’t search without warrant. So if I suspect The Hindu of being on the payroll of the Chinese Communist Party, it it acceptable for me to hack into their email systems, or ransack their offices, to look for evidence of “wrongdoing or unethical behavior”? Clearly not.

And surely the “unusual nature of StratFor’s business” is not that unusual. For instance, “the unusual nature of The Hindu’s business – in essence providing information to clients who include governments, large corporations, rapists, convicts and enemies of India, some embroiled in serious controversies like the 2G scam and the genocide of Tamils in Sri Lanka — means that there is a compelling public interest in studying the emails to see if they cast light on corporate or governmental wrong-doing.”

So let The Hindu open up its email archives to me. I will be ‘acutely aware that my use of this material imposes special obligations upon me, in particular to respect the privacy of the legitimate business activities and private correspondence of The Hindu, its staff and those they may have corresponded with. In my reportage, I shall do my utmost to respect this obligation, by only publishing material if it clearly points to corporate or government wrong-doing or unethical behaviour, and thus meets the test of compelling public interest.’

If this proposal strikes you as preposterous, it is because it is. Strangely, and unfortunately, The Hindu’s editors are doing just this to someone else.

Wikileaks will have long term consequences on how government’s share information

What Julian Assange and Wikileaks have done with privileged US government is plain wrong. Arrogant and self-righteous, the indiscriminate publication of internal discussions, assessments and correspondence cannot be justified on grounds of freedom of information. To suggest that all information must be made public, regardless of time, place, and context—ostensibly the grounds which Wikileaks uses to justify its anarchism—is to condemn government officials to life in a Panopticon. If everything a government official says and writes is liable to become public the next moment, you will only have self-censorship, political correctness and worse, a greater tendency to avoid putting debates and decisions on record. A government that can’t deliberate in private will be paralysed or ineffective, mostly both. The legality of Mr Assange’s actions is still under debate. The sensibility is not in question. It is senseless.

This time, it is also interesting.

In the cables released yesterday, there are few things that we didn’t know or suspect: Saudi Arabia and Israel both want someone to stop Iran’s nuclear programme; the Saudis detest the Iranians they see as ‘Persian’; King Abdullah is not well disposed towards Asif Zardari or that China facilitated the transfer of North Korean ballistic missile technology to Iran. It is the details make the cables interesting. Not least from a voyeur’s perspective.

It’s unclear whether the Wikileaks will have major consequences in world affairs beyond creating embarrassment for the people and governments involved. It’s not as if the people in the Middle East didn’t know what their leaders were up to, and what US officials thought of them. It’s not as if China is about to stop its game as the world’s worst proliferator of weapons of mass destruction just because it has been fingered in some cables. Politicians, in any case, have thick skins.

What might happen is that brakes will be applied in the trend towards sharing of information within government and across departmental silos. A process that began as a result of the US intelligence community’s failure to piece together data that could have led to the uncovering of the 9/11 plot—and was adopted by governments across the world, including in India—might come to an end with abuse of technological power by Wikileaks. ‘Information fusion’ within governments is likely to be the first casualty of Mr Assange’s war on responsibility.

Update: Well, here we are:

In addition to vowing to hold WikiLeaks to account, the administration also instituted new measures to try to prevent leaks.

Office of Management and Budget Director Jacob J. Lew instructed government departments and agencies to ensure that users of classified information networks do not have broader access than is necessary to do their jobs, and to restrict the use of removable media such as CDs or flash drives on such networks.

OMB, the federal Information Security Oversight Office and the Office of the Director of National Intelligence will evaluate aid the agencies in their efforts to strengthen classified information security, Lew said.

The White House move in turn comes a day after the Pentagon announced similar steps to bolster network security following a review ordered by Defense Secretary Robert M. Gates in August. [WP]

BlackBerry must comply with Indian law. India needs a new debate on privacy.

Yes, terrorists can use anything to communicate with each other, plan attacks and help carry them out.

Hafiz Mohammed Saeed can write letters, in code, and send it by post to his sleeper agents in India. He probably does that. But not all means of communications are alike in their ability to help terrorists carry out attacks. A terrorist with a satellite phone with real-time voice and data connection is far more dangerous than a terrorist who carries letters in his pocket. So the argument that terrorists can use anything to communicate is not a valid counter to the argument that government agencies can prevent, investigate and prosecute terrorists better if they are capable of intercepting or blocking real-time communications.

For instance, there is a reasonable argument that the damage to life and property in Mumbai during the 26/11 attacks might have been lower if the terrorists had been denied access to real-time communications, from satellite phones, to cellular phones to broadcast television. There is also a reasonable argument that the ability to intercept the phone calls made by the terrorists plays an important role in prosecuting them in courts of law and in courts of public opinion. India’s law enforcement agencies have had the ability to tap your phone for ages, but apart from the odd political scandal, it is difficult to build a case that this has somehow led to the infringements of the rights of ordinary citizens.

The current debate over Blackberry’s messaging system must be placed in this context. The ongoing discussion between the Indian government and Research In Motion (RIM), the Canadian company that provides BlackBerry services, involves two inter-related issues.

First, whatever might be RIM’s values, business practices and corporate policies, its business in India is governed by Indian law. The contention that “no one else has a problem with our service” is no defence—India has security considerations that might be peculiar to it, and as long as the requirements are constitutionally legitimate, RIM must comply. It is disingenuous to conflate the legitimate authority of a constitutional democracy—imperfect as India’s is—with that of the demands made by totalitarian or authoritarian states. The two are morally and practically different. [See this editorial in the Globe and Mail].

RIM could insist—as it has just done—that it is not treated any differently from others in the field, but it cannot get away with the excuse that its corporate policy overrides the rule of law in India.

Second and the more important issue is for India to establish due processes to determine just who, under what circumstances and under what checks and balances gets to actually block or intercept communications. A national debate over digital privacy, powers of government and mechanisms for redressal is now urgent, as the Indian economy and society become ever more reliant on communications networks.

It is clear that citizens need greater, more credible safeguards. It is also clear that the government needs to be more capable of addressing threats that arise from advances in communications technology. What is not clear is whether the political establishment sees these as priorities worthy of wider public deliberation. The usual practice of passing legislation without adequate parliamentary debate is neither likely to reassure citizens of their rights nor offer new ideas to law-enforcement agencies.

This blog has consistently argued against blunt measures like banning telecommunication services, even and especially in insurgent & terrorist affected areas. Governments must learn how to operate in an information-rich, networked world. Therefore, to the extent that the Indian government’s threat to block BlackBerry services is a device to press RIM to better co-operate with the law-enforcement agencies, it is tolerable. Such a threat is credible only if it can hurt both the government itself and RIM. This appears to be the case.

However, it would be a serious mistake if the government were to make such a ban permanent. Not because India needs the BlackBerry, but because the underlying rationale is self-defeating.